You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mesos.apache.org by "Gavin (JIRA)" <ji...@apache.org> on 2019/04/29 09:28:05 UTC
[jira] [Issue Comment Deleted] (MESOS-2379) Disabled master
authentication causes authentication retries in the scheduler.
[ https://issues.apache.org/jira/browse/MESOS-2379?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gavin updated MESOS-2379:
-------------------------
Comment: was deleted
(was: www.rtat.net)
> Disabled master authentication causes authentication retries in the scheduler.
> -------------------------------------------------------------------------------
>
> Key: MESOS-2379
> URL: https://issues.apache.org/jira/browse/MESOS-2379
> Project: Mesos
> Issue Type: Bug
> Components: security
> Reporter: Till Toenshoff
> Priority: Major
> Labels: authentication, tech-debt
>
> The CRAM-MD5 authenticator relies upon shared credentials. Not supplying such credentials while starting up a master effectively disables any authentication.
> A framework (or slave) may still attempt to authenticate which is answered by an {{AuthenticationErrorMessage}} by the master. That in turn will cause the authenticatee to fail its {{authenticate}} promise, which in turn will cause the current framework driver implementation to infinitely (and unthrottled) retry authentication.
> See: https://github.com/apache/mesos/blob/master/src/sched/sched.cpp#L372
> {noformat}
> if (reauthenticate || !future.isReady()) {
> LOG(INFO)
> << "Failed to authenticate with master " << master.get() << ": "
> << (reauthenticate ? "master changed" :
> (future.isFailed() ? future.failure() : "future discarded"));
> authenticating = None();
> reauthenticate = false;
> // TODO(vinod): Add a limit on number of retries.
> dispatch(self(), &Self::authenticate); // Retry.
> return;
> }
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)